Virus Warning

[Nelson Thompson]

I am running Windows 7 Pro on an older desk top and during the last few days have been getting a Virus detected and quarantined message on virtually every application that I use.  I have been using some of these sights for 10 plus years and never had this issue previously.  It persists even when I switch from Firefox to Chrome.  I just ran a full scan of the entire computer and get reports of no virus found and have verified that the latest update is installed (as of 2/2/19).  When I go to manually initialize Immunet, I see a note that the computer has never been scanned and  is not secure even when I have just run a full scan. 

A typical warning is that f_0001f3 has been detected as Clam.Txt.Trojan.Generic-6840302-0.  Quarantine was successful.  I even got a message that Firefox Installer was a Trojan.

This is very annoying and I would like some suggestions to resolve this issue.

Nelson

 

Edited February 2, 2019 by Nelson Thompson
Add info

[Simonster]

Same here - except mine is with (Google) Chrome

 

Every new tab.... Grrrrrrr!

[GGG]

I am also having this problem, every time I open a new tab or website in Google Chrome I get a notification that Immunet has quarantined a file called f_(any combo of numbers and letters like, f_00003b / f_047ae5 / f_0aa457) and Clam.Txt.Trojan.Generic-6840302-0. I did a full scan and it said it quarantined 5 files, and then I did a second full scan right after and there were 0 malicious files. I have cleared my Chrome Cache and Reset Browser settings, and restarted my computer several times. I am on Windows 10 Pro (version 10.0.17134) and Chrome version 71, and Immunet update from (2/2/19 which is today), and I get a file quarantined / threat detected every few minutes. I can't even find the files that it is referencing, the path is C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b     I can't even reach this file in my system, and I thought clearing my Google cache would help but it has not, and all of the 30 files it has "quarantined" in the last day has had the same path with a change at the end. I don't know what to do

EDIT: I have found the files that they deem to be a threat and determined them not to be harmful, they are only my cache preloads, and i have decided to whitelist / have Immunet not search my Chrome Cache file for threats, just because I don't want the program to continuously quarantine my preloads. If what I have just done is very harmful or a very bad idea, please let me know!

Edited February 3, 2019 by GGG
White-listing my cache

[Urban Haka]

I'm receiving the same message when loading Gmail in firefox flagging a cache file as "Txt.Trojan.Generic-6840302-0". I also have a number of anti-spam anti tracking and security plugins installed. It's possible one of them is doing something Immunet doesn't like.

ABP, Ghostery, uBlock Origin, https everywhere, canvas defender, privacy badger, firefox multi-account containers and lastpass.

I uploaded the cache sample to virus total. The ClamAV engine was the only one to flag this as a trojan. The content is a compressed GZ stream with the following code:

this.A2A=this.A2A||{};(function(_){var window=this;
try{
var aa,ba,ca,da,ea,fa,ha,ia,ja,ka,la,ma,na,ua,va,wa,xa,ya,za,Ba,Da,Ea,Ia,p,Ja,Ka,Na,Oa,Pa,Qa,Ra,Sa,Ta,Va,Wa,eb,fb,gb,hb,ib,jb,kb,mb,lb,nb,ob,pb,q,t,v,qb,rb,sb,tb,ub,vb,wb,yb,zb,Cb,Ab,Bb,Db,Eb,Fb,x,z;aa=function(a){for(var b=a.length;0<=--b;)a=0};ba=function(a,b,c,d,e){this.te=a;this.Jf=b;this.If=c;this.Ff=d;this.lg=e;this.Nd=a&&a.length};ca=function(a,b){this.zd=a;this.xb=0;this.Wa=b};da=function(a,b){a.T[a.B++]=b&255;a.T[a.B++]=b>>>8&2

Source: https://www.virustotal.com/en/file/6570a85c33d467f10e52bddc31575c4329ca1a6ae9641c4321690a8ae65e41c5/analysis/1549184011/

I've submitted it to clamAV as a false positive.

[redwater]

The same...

[stealth47]

I have gotten rid of the annoying popup by removing immunet from my computer for the time being.

 

[Nelson Thompson]

2 hours ago, stealth47 said:

I have gotten rid of the annoying popup by removing immunet from my computer for the time being.

 

That appears to be a somewhat drastic solution to the issue but I may consider doing the same thing if I cannot resolve this present issue.

Nelson

[GGG]

2 hours ago, Nelson Thompson said:

That appears to be a somewhat drastic solution to the issue but I may consider doing the same thing if I cannot resolve this present issue.

Nelson

 

5 hours ago, stealth47 said:

I have gotten rid of the annoying popup by removing immunet from my computer for the time being.

 

If all of the false positives come from the same folder (mine is the chrome cache) you can whitelist/exclude that folder from Immunet's virus search as I have done. You just go into the settings and add an exclusion and then copy+paste or browse to your folder cache.

so open Immunet > settings > add new exclusion > file/folder type > whatever path to your folder you want to whitelist, i did  C:\Users\(user name)\AppData\Local\Google\Chrome\User Data\Default\Cache\   and this has resolved my issue

[panovattack]

I am having the same issue, had to WL the directory. 

[ebloch]

My warnings are in FireFox profile. They resulted from the simultaneous opening of eight (8) URLS with an additional two URLs already opened.

I disconnected my Win 7 Home SP-1 64 bit PC from network. I manually deleted all items in quarantine and noted several that were detected but Immunet was not able to quarantine. I ran a quick scan and two items were removed.

Additionally Immunet shut down!! Without me closing it.

I reinstalled using an up to date copy I have resulting in 6.2.4.10819, reconnected the network, and then an update check says everything up to date including definitions installed one hour before problem started.

I repeated the the simultaneous opening of eight (8) URLS with an additional two URLs already opened with the result the same except Immunet did not shut down.

So leaving the Immunet results alone I opened each URL one at a time and Immunet duplicated its quarantines and quarantine failures.

Perhaps the definition file has an inappropriate addition for its newest info? This could be tested if Immunet could supply an older definition file for testing.

If this keeps up Immunet will not be of practical use.

Edited February 4, 2019 by ebloch

[Guest Wookiee]

it might be an issue with a signature, I am looking into it.

[Rob.T]

confirmed, is defiantly a Clam false positive.  Thanks to everyone who reported this.  we're reprod it internally and are working on a fix.  In the mean time, if you turn off the  clam AV engine in Immunet's settings  that'll prevent the constant FP  notifications  and still keep your computer protected with the immunet  cloud engine.  We'll notify the thread  to turn clam back on as soon as the fp is fixed.

 

 

[Rob.T]

the The FP'ing sig was fixed late yesterday and it's safe to to turn the Clam engine back on,  and but please ensure you start a manual clam definitions update too; by clicking he update now button in immunet  gui.  And that will ensure the  sig is updated    asap.

 

[Nelson Thompson]

My Immunet software is now working correctly with no warnings so I consider this issue closed.

 

Nelson

[Guest Wookiee]

Yeah, like Rob said. We had an issue with a signature but all should be fixed now.
Let us know if you have anymore issues.

[ebloch]

Fixed for me also

[Urban Haka]

Thanks for sorting

[smjaynes]

I am getting a virus warning also on Windows 10 home, trying to update Firefox. Won't let me update it. Even after doing as you stated and with the update!

Edited February 13, 2019 by smjaynes
to clarify used above fix.

[ritchie58]

Could you tell us what the Quarantine detection name is? Actually a screen grab of the little Immunet quarantine window would be very helpful if you can provide that.

[ritchie58]

For any user that experiences what they think may be a False Positive quarantine response we do encourage the use of our official False Positive reporting site at this link.
http://www.immunet.com/false_positive

Regards, Ritchie...

[Emeric Solymossy]

It is now well over a year since the problem was "fixed."  I am running windows 10, all the current updates, fully updated Immunet, and am STILL GETTING clam detections on Chrome.

I am disabling the clam engine as suggested last year, but would like some indication as to why this "fixed" issue is plaguing me.  I visit the same pages in Firefox without incident.

Thanks

Emeric 

[ritchie58]

Hello Emeric,

I'm sure this a new False Positive response by ClamAV & 'not the same issue' Emeric.

I would normally suggest that you submit these files for analysis at our False Positive URL but that seems to be non-functional for now. Since they are Clam detections you could submit your findings directly to the ClamAV support team at this URL. https://www.clamav.net/reports/fp

Have you tried to restore these files from Quarantine?

If you run into problems restoring the files you do also have the option to just create a custom Exclusion rule for Chrome's 'entire Program Files folder directory' so it will no longer be scanned.

I know that's a less than ideal possible fix but there hasn't been any technical support on this forum for some time now. Although I'm not an official support person that might be your best viable solution that I can think of. If that works you should be able to continue to use the ClamAV module.

Best wishes, Ritchie...